Ansible-Bootstrap/roles/partitioning/tasks/main.yml

---
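- name: Partition install drive
  block:
    # The cleanup task below runs wipefs on every /dev path that starts with
    # install_drive, so an empty value would widen the pattern to all of /dev.
    # Refuse to continue unless the value is a path under /dev.
    - name: Verify install drive is a device path
      ansible.builtin.assert:
        that:
          - install_drive is defined
          - install_drive is string
          - install_drive is match('^/dev/.+')
        fail_msg: install_drive must be a device path under /dev

    # Best-effort teardown of a previous layout. failed_when is false, so a
    # failing command never stops the play; "changed" is reported only on rc 0.
    # NOTE(review): this also hides a wipefs failure, in which case old
    # signatures may still be on the disk when parted runs - confirm that is
    # acceptable.
    - name: Prepare partitions
      ansible.builtin.command: "{{ item.cmd }}"
      register: result
      changed_when: result.rc == 0
      failed_when: false
      loop:
        - cmd: umount -l /mnt
        - cmd: vgremove -f sys
        # Prefix match: a value of /dev/sda selects /dev/sda1 but also /dev/sdaa.
        - cmd: 'find /dev -wholename "{{ install_drive }}*" -exec wipefs --force --all {} \;'
      loop_control:
        label: "{{ item.cmd }}"

    # GPT layout: partition 1 ends at 500MiB with the boot and esp flags,
    # partition 2 starts at 500MiB. Keys an item does not set are omitted.
    - name: Define partitions
      community.general.parted:
        device: "{{ install_drive }}"
        label: gpt
        number: "{{ item.number }}"
        part_start: "{{ item.part_start | default(omit) }}"
        part_end: "{{ item.part_end | default(omit) }}"
        name: "{{ item.name }}"
        flags: "{{ item.flags | default(omit) }}"
        state: present
      loop:
        - number: 1
          part_end: "500MiB"
          name: boot
          flags: [boot, esp]
        - number: 2
          part_start: "500MiB"
          name: root

    # LVM is only used when the target filesystem is not btrfs.
    - name: Create LVM logical volumes
      when: filesystem != 'btrfs'
      block:
        - name: Create LVM volume group
          community.general.lvg:
            vg: sys
            pvs: "{{ install_drive }}{{ main_partition_suffix }}"

        # var_log and var_log_audit are created only when cis is set.
        # "| bool" makes a string value such as "false" (for example from
        # -e cis=false) evaluate as false, matching the cis checks used by
        # the UUID lookup later in this file.
        - name: Create LVM logical volumes
          when: cis | bool or item.lv not in ['var_log', 'var_log_audit']
          community.general.lvol:
            vg: sys
            lv: "{{ item.lv }}"
            size: "{{ item.size }}"
            state: present
          loop:
            - lv: root
              size: "12G"
            - lv: home
              size: "2G"
            - lv: var
              size: "2G"
            - lv: var_log
              size: "2G"
            - lv: var_log_audit
              size: "1.5G"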
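- name: Create filesystems
  block:
    # force: true lets the module overwrite a filesystem that already exists
    # on the boot partition.
    - name: Create FAT32 filesystem in boot partition
      community.general.filesystem:
        dev: "{{ install_drive }}{{ boot_partition_suffix }}"
        fstype: vfat
        opts: -F32 -n BOOT
        force: true

    # The task file is chosen by the value of "filesystem".
    # NOTE(review): the value is used as a file name without validation here;
    # confirm it is restricted to the supported filesystems before this point.
    - name: Create filesystem
      ansible.builtin.include_tasks: "{{ filesystem }}.yml"

    # argv passes the device path as a single argument, so the lookup does not
    # depend on how a templated value is split into words.
    - name: Get UUID for boot filesystem
      ansible.builtin.command:
        argv:
          - blkid
          - -s
          - UUID
          - -o
          - value
          - "{{ install_drive }}{{ boot_partition_suffix }}"
      changed_when: false
      register: boot_uuid

    - name: Get UUID for main filesystem
      ansible.builtin.command:
        argv:
          - blkid
          - -s
          - UUID
          - -o
          - value
          - "{{ install_drive }}{{ main_partition_suffix }}"
      changed_when: false
      register: main_uuid

    # Skipped items still get an entry in uuid_result.results, so the indexes
    # used by the next task follow the loop order below.
    - name: Get UUIDs for LVM filesystems
      when: filesystem != 'btrfs' and (cis | bool or item not in ['var_log', 'var_log_audit'])
      ansible.builtin.command:
        argv:
          - blkid
          - -s
          - UUID
          - -o
          - value
          - "/dev/sys/{{ item }}"
      changed_when: false
      register: uuid_result
      loop:
        - root
        - home
        - var
        - var_log
        - var_log_audit

    # Each fact holds stdout_lines (a list) of the matching lookup.
    # The cis test uses "| bool" like the lookup above: "cis == true" is false
    # for a string value such as "true", which would leave the var_log facts
    # empty although the lookup ran.
    - name: Assign UUIDs to Variables
      when: filesystem != 'btrfs'
      ansible.builtin.set_fact:
        uuid_root: "{{ uuid_result.results[0].stdout_lines }}"
        uuid_home: "{{ uuid_result.results[1].stdout_lines }}"
        uuid_var: "{{ uuid_result.results[2].stdout_lines }}"
        uuid_var_log: "{{ uuid_result.results[3].stdout_lines if cis | bool else '' }}"
        uuid_var_log_audit: "{{ uuid_result.results[4].stdout_lines if cis | bool else '' }}"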
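- name: Mount filesystems
  block:
    # Mounts the target tree under /mnt in loop order (parents first).
    # For btrfs every entry uses the main filesystem UUID and selects its
    # subvolume through opts; otherwise each entry uses its own LVM UUID.
    # /var/log and /var/log/audit are mounted only when cis is set. The test
    # is "cis | bool or ..." without "not cis": for a string value such as
    # "false", "not cis" is false and the old condition skipped every mount.
    # Hardening options: nosuid,nodev on /home and /var, plus noexec on
    # /var/log and /var/log/audit.
    - name: Mount filesystems and subvolumes
      when: cis | bool or item.path not in ['/var/log', '/var/log/audit']
      ansible.posix.mount:
        path: "/mnt{{ item.path }}"
        src: "{{ 'UUID=' + (main_uuid.stdout if filesystem == 'btrfs' else item.uuid) }}"
        fstype: "{{ filesystem }}"
        opts: "{{ item.opts }}"
        state: mounted
      loop:
        - path: ""
          uuid: "{{ uuid_root[0] | default(omit) }}"
          opts: >-
            {{ 'defaults' if filesystem != 'btrfs'
            else 'rw,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@' }}
        - path: /home
          uuid: "{{ uuid_home[0] | default(omit) }}"
          opts: >-
            {{ 'defaults,nosuid,nodev' if filesystem != 'btrfs'
            else 'rw,nosuid,nodev,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@home' }}
        - path: /var
          uuid: "{{ uuid_var[0] | default(omit) }}"
          opts: >-
            {{ 'defaults,nosuid,nodev' if filesystem != 'btrfs'
            else 'rw,nosuid,nodev,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@var' }}
        - path: /var/log
          uuid: "{{ uuid_var_log[0] | default(omit) }}"
          opts: >-
            {{ 'defaults,nosuid,nodev,noexec' if filesystem != 'btrfs'
            else 'rw,nosuid,nodev,noexec,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@var_log' }}
        - path: /var/log/audit
          uuid: "{{ uuid_var_log_audit[0] | default(omit) }}"
          opts: >-
            {{ 'defaults,nosuid,nodev,noexec' if filesystem != 'btrfs'
            else 'rw,nosuid,nodev,noexec,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@var_log_audit' }}

    # /tmp and /var/tmp are tmpfs mounts with nosuid,nodev,noexec.
    - name: Mount tmp and var_tmp filesystems
      ansible.posix.mount:
        path: "/mnt{{ item.path }}"
        src: tmpfs
        fstype: tmpfs
        opts: defaults,nosuid,nodev,noexec
        state: mounted
      loop:
        - path: /tmp
        - path: /var/tmp

    # The mount point is /mnt/boot/efi for rhel8, ubuntu and ubuntu-lts and
    # /mnt/boot for every other value of os.
    # NOTE(review): no opts are set, unlike the other mounts in this block.
    # vfat stores no POSIX permissions, so file access is decided by mount
    # options; if these options end up in the installed system's fstab,
    # consider nosuid,nodev,noexec and a restrictive umask here.
    - name: Mount boot filesystem
      ansible.posix.mount:
        path: "{{ '/mnt/boot/efi' if os | lower in ['rhel8', 'ubuntu', 'ubuntu-lts'] else '/mnt/boot' }}"
        src: "UUID={{ boot_uuid.stdout }}"
        fstype: vfat
        state: mounted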